{"id":"https://openalex.org/W1599476119","doi":"https://doi.org/10.1109/infocom.2015.7218396","title":"PeerClean: Unveiling peer-to-peer botnets through dynamic group behavior analysis","display_name":"PeerClean: Unveiling peer-to-peer botnets through dynamic group behavior analysis","publication_year":2015,"publication_date":"2015-04-01","ids":{"openalex":"https://openalex.org/W1599476119","doi":"https://doi.org/10.1109/infocom.2015.7218396","mag":"1599476119"},"language":"en","primary_location":{"id":"doi:10.1109/infocom.2015.7218396","is_oa":false,"landing_page_url":"https://doi.org/10.1109/infocom.2015.7218396","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 IEEE Conference on Computer Communications (INFOCOM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5042277127","display_name":"Qiben Yan","orcid":"https://orcid.org/0000-0001-6272-7668"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Qiben Yan","raw_affiliation_strings":["Virginia Polytechnic Institute, State University, Blacksburg, VA, USA","Virginia Polytechnic Institute & State University, Blacksburg, VA, USA"],"affiliations":[{"raw_affiliation_string":"Virginia Polytechnic Institute, State University, Blacksburg, VA, USA","institution_ids":["https://openalex.org/I859038795"]},{"raw_affiliation_string":"Virginia Polytechnic Institute & State University, Blacksburg, VA, USA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100342740","display_name":"Yao Zheng","orcid":"https://orcid.org/0000-0003-2820-1034"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yao Zheng","raw_affiliation_strings":["Virginia Polytechnic Institute, State University, Blacksburg, VA, USA","Virginia Polytechnic Institute & State University, Blacksburg, VA, USA"],"affiliations":[{"raw_affiliation_string":"Virginia Polytechnic Institute, State University, Blacksburg, VA, USA","institution_ids":["https://openalex.org/I859038795"]},{"raw_affiliation_string":"Virginia Polytechnic Institute & State University, Blacksburg, VA, USA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101438535","display_name":"Tingting Jiang","orcid":"https://orcid.org/0000-0002-8722-3463"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tingting Jiang","raw_affiliation_strings":["Virginia Polytechnic Institute, State University, Blacksburg, VA, USA","Virginia Polytechnic Institute & State University, Blacksburg, VA, USA"],"affiliations":[{"raw_affiliation_string":"Virginia Polytechnic Institute, State University, Blacksburg, VA, USA","institution_ids":["https://openalex.org/I859038795"]},{"raw_affiliation_string":"Virginia Polytechnic Institute & State University, Blacksburg, VA, USA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001879281","display_name":"Wenjing Lou","orcid":"https://orcid.org/0000-0002-2421-4623"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wenjing Lou","raw_affiliation_strings":["Virginia Polytechnic Institute, State University, Blacksburg, VA, USA","Virginia Polytechnic Institute & State University, Blacksburg, VA, USA"],"affiliations":[{"raw_affiliation_string":"Virginia Polytechnic Institute, State University, Blacksburg, VA, USA","institution_ids":["https://openalex.org/I859038795"]},{"raw_affiliation_string":"Virginia Polytechnic Institute & State University, Blacksburg, VA, USA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5059824798","display_name":"Y. Thomas Hou","orcid":"https://orcid.org/0000-0003-3716-5768"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Y. Thomas Hou","raw_affiliation_strings":["Virginia Polytechnic Institute, State University, Blacksburg, VA, USA","Virginia Polytechnic Institute & State University, Blacksburg, VA, USA"],"affiliations":[{"raw_affiliation_string":"Virginia Polytechnic Institute, State University, Blacksburg, VA, USA","institution_ids":["https://openalex.org/I859038795"]},{"raw_affiliation_string":"Virginia Polytechnic Institute & State University, Blacksburg, VA, USA","institution_ids":["https://openalex.org/I859038795"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5042277127"],"corresponding_institution_ids":["https://openalex.org/I859038795"],"apc_list":null,"apc_paid":null,"fwci":5.9559,"has_fulltext":false,"cited_by_count":34,"citation_normalized_percentile":{"value":0.96367031,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"316","last_page":"324"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9941999912261963,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.8838021755218506},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7512575387954712},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.5823748111724854},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.5187204480171204},{"id":"https://openalex.org/keywords/peer-to-peer","display_name":"Peer-to-peer","score":0.48442819714546204},{"id":"https://openalex.org/keywords/group","display_name":"Group (periodic table)","score":0.46238842606544495},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.39283737540245056},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3634132146835327},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3544437885284424},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.3353561758995056},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.29984748363494873},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.15301457047462463},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.1332901120185852}],"concepts":[{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.8838021755218506},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7512575387954712},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.5823748111724854},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.5187204480171204},{"id":"https://openalex.org/C534932454","wikidata":"https://www.wikidata.org/wiki/Q161410","display_name":"Peer-to-peer","level":2,"score":0.48442819714546204},{"id":"https://openalex.org/C2781311116","wikidata":"https://www.wikidata.org/wiki/Q83306","display_name":"Group (periodic table)","level":2,"score":0.46238842606544495},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.39283737540245056},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3634132146835327},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3544437885284424},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3353561758995056},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.29984748363494873},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.15301457047462463},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.1332901120185852},{"id":"https://openalex.org/C178790620","wikidata":"https://www.wikidata.org/wiki/Q11351","display_name":"Organic chemistry","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/infocom.2015.7218396","is_oa":false,"landing_page_url":"https://doi.org/10.1109/infocom.2015.7218396","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 IEEE Conference on Computer Communications (INFOCOM)","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.708.8218","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.708.8218","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://cse.unl.edu/%7Eqyan/paper/INFOCOM15_Yan.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.716.708","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.716.708","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.cnsr.ictas.vt.edu/publication/Yan_2015_INFOCOM.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6399999856948853,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W16833051","https://openalex.org/W191098608","https://openalex.org/W1583098994","https://openalex.org/W1594972289","https://openalex.org/W1601795611","https://openalex.org/W1663973292","https://openalex.org/W1775772884","https://openalex.org/W1824436914","https://openalex.org/W1916198581","https://openalex.org/W1956767865","https://openalex.org/W1964991438","https://openalex.org/W2044285442","https://openalex.org/W2082456656","https://openalex.org/W2104209065","https://openalex.org/W2114590627","https://openalex.org/W2114996745","https://openalex.org/W2130598205","https://openalex.org/W2148573461","https://openalex.org/W2165232124","https://openalex.org/W2170214103","https://openalex.org/W6600678348","https://openalex.org/W6607784307","https://openalex.org/W6634779276","https://openalex.org/W6635614179","https://openalex.org/W6638021444","https://openalex.org/W6640045118","https://openalex.org/W6640826072","https://openalex.org/W6675517329"],"related_works":["https://openalex.org/W2294483539","https://openalex.org/W2378449000","https://openalex.org/W2901835651","https://openalex.org/W2883616266","https://openalex.org/W186576250","https://openalex.org/W2002178493","https://openalex.org/W2372254325","https://openalex.org/W2119207053","https://openalex.org/W2062822216","https://openalex.org/W4388937261"],"abstract_inverted_index":{"Advanced":[0],"botnets":[1,41],"adopt":[2],"a":[3,26,35,107,180],"peer-to-peer":[4],"(P2P)":[5],"infrastructure":[6],"for":[7,169],"more":[8,125],"resilient":[9],"command":[10],"and":[11,71,98,127],"control":[12],"(C&C).":[13],"Traditional":[14],"detection":[15,149,193],"techniques":[16],"become":[17],"less":[18],"effective":[19],"in":[20,42],"identifying":[21],"bots":[22,140],"that":[23,38,186],"communicate":[24],"via":[25],"P2P":[27,40,58,63],"structure.":[28],"In":[29],"this":[30],"paper,":[31],"we":[32,151],"present":[33],"PeerClean,":[34],"novel":[36,108],"system":[37],"detects":[39],"real":[43],"time":[44],"using":[45],"only":[46],"high-level":[47],"features":[48],"extracted":[49],"from":[50,61,179],"C&C":[51],"network":[52,72],"flow":[53,88,177],"traffic.":[54],"PeerClean":[55,83,174,187],"reliably":[56],"distinguishes":[57],"bot-infected":[59],"hosts":[60,64,85],"legitimate":[62],"by":[65,105],"jointly":[66],"considering":[67],"flow-level":[68],"traffic":[69,89],"statistics":[70,90],"connection":[73,100,118],"patterns.":[74,145],"Instead":[75],"of":[76,102,139],"working":[77],"on":[78,142,175],"individual":[79,116],"connections":[80],"or":[81],"hosts,":[82],"clusters":[84],"with":[86,114,158,195],"similar":[87],"into":[91],"groups.":[92],"It":[93],"then":[94,133],"extracts":[95],"the":[96,115,120,143,148,156,165,170],"collective":[97,121],"dynamic":[99,109],"patterns":[101,123],"each":[103],"group":[104,110,122,160,167],"leveraging":[106],"behavior":[111,168],"analysis.":[112],"Comparing":[113],"host-level":[117],"patterns,":[119],"are":[124,132],"robust":[126],"differentiable.":[128],"Multi-class":[129],"classification":[130],"models":[131],"used":[134],"to":[135,154,163,190],"identify":[136],"different":[137],"types":[138],"based":[141],"established":[144],"To":[146],"increase":[147],"probability,":[150],"further":[152],"propose":[153],"train":[155],"model":[157],"average":[159],"behavior,":[161],"but":[162],"explore":[164],"extreme":[166],"detection.":[171],"We":[172],"evaluate":[173],"real-world":[176],"records":[178],"campus":[181],"network.":[182],"Our":[183],"evaluation":[184],"shows":[185],"is":[188],"able":[189],"achieve":[191],"high":[192],"rates":[194],"few":[196],"false":[197],"positives.":[198]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":5},{"year":2021,"cited_by_count":6},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":12},{"year":2017,"cited_by_count":3},{"year":2016,"cited_by_count":2},{"year":2014,"cited_by_count":1}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}